Microsoft is showing a lot of love for Windows by serving up nine bulletins this month. This is the first time I recall seeing Windows XP have fewer fixes released than Windows 7. Will this be a new pattern going forward?

Microsoft considers four of these critical and SophosLabs agrees, assigning MS12-016, MS12-013, MS12-010 and MS12-008 a high rating.

MS12-008 is a kernel driver vulnerability that could lead to remote code execution; MS12-010 is a remote execution flaw in all versions of Internet Explorer; MS12-013 is a remote code execution vulnerability in the C run-time on Windows 7/Vista/2008; and MS12-016 is a remote code execution vulnerability in Silverlight and the .NET Framework.

Microsoft rated the remaining five as Important. SophosLabs agrees with two of these ratings, MS12-009 and MS12-011, but considers MS12-015 to be medium and MS12-012 and MS12-014 to be high risk.

MS12-015 is a remote code execution vulnerability in Visio Viewer that is triggered by a malicious Visio file; MS12-012 could allow remote code execution when opening a .icc (color profile) file on Windows 2008; and MS12-014 could allow an attacker to remotely execute code by tricking a user into loading a media file on Windows XP SP3.

As always, the best practice is to apply all of these as soon as possible. If you need to prioritize, check out Microsoft's nifty chart, posted every month as part of Patch Tuesday.

If you're using Windows 7, do the following: Start --> Control Panel --> Windows Update. On the screen that appears, click on Check For Updates. Windows will then check and will show how many updates were found. Click on Install and the updates will be downloaded and installed automatically.

Also for XP Professional 64-bit... had 8 updates... thanks for the heads up. They did not auto-update like they are supposed to. When I saw this information from Sophos I quickly updated my systems. Thank you for the heads up.

If you don't have Microsoft Update already, you will need to download and install the ActiveX control for use with the website, and will be prompted to do so. Save this link in your Favorites, and once the ActiveX control is installed, a shortcut will be placed in your Start menu.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics.
You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.